Re: Patch for comment: setuid core dumps

From: Randy.Dunlap
Date: Mon Sep 27 2004 - 15:57:02 EST



| Opinions, bugs, reviews, fan mail ?
|
|
| @@ -1383,6 +1389,17 @@
| up_write(&mm->mmap_sem);
| goto fail;
| }
| +
| + /*
| + * We cannot trust fsuid as being the "true" uid of the
| + * process nor do we know its entire history. We only know it
| + * was tainted so we dump it as root in mode 2.
| + */
| + if (mm->dumpable == 2) /* Setuid core dump mode */

Use something other than hard-coded '2'.

| + {
| + flag = O_EXCL; /* Stop rewrite attacks */
| + current->fsuid = 0; /* Dump root private */
| + }
| mm->dumpable = 0;
| init_completion(&mm->core_done);
| current->signal->group_exit = 1;
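
Review bot: In the added mode 2 block, `current->fsuid = 0` overwrites the dumping task's own credential and nothing in these lines puts it back. The comment should say why that is safe (the context below sets `group_exit`, so the task is on its way out), or the old value should be saved and restored once the dump is written. Assuming `flag` is later passed to the open of the core file, the `O_EXCL` comment could also state the consequence that the dump is refused when a file of that name already exists. On style, the opening brace belongs on the `if` line.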

| diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla-2.6.9rc2/include/linux/sysctl.h linux-2.6.9rc2/include/linux/sysctl.h
| --- linux.vanilla-2.6.9rc2/include/linux/sysctl.h 2004-09-14 14:22:57.000000000 +0100
| +++ linux-2.6.9rc2/include/linux/sysctl.h 2004-09-27 16:05:39.889981776 +0100
| @@ -134,6 +134,7 @@
| KERN_SPARC_SCONS_PWROFF=64, /* int: serial console power-off halt */
| KERN_HZ_TIMER=65, /* int: hz timer on or off */
| KERN_UNKNOWN_NMI_PANIC=66, /* int: unknown nmi panic flag */
| + KERN_SETUID_DUMPABLE=67, /* int: unknown nmi panic flag */
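
Review bot: The comment on the added `KERN_SETUID_DUMPABLE=67` line is a copy of the `KERN_UNKNOWN_NMI_PANIC` comment directly above it. It should describe the new sysctl, for example `/* int: setuid core dump mode */`, ideally naming the values it accepts.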

Fix comment.

| @@ -1681,7 +1681,7 @@
| error = 1;
| break;
| case PR_SET_DUMPABLE:
| - if (arg2 != 0 && arg2 != 1) {
| + if (arg2 < 0 || arg2 > 2) {
| error = -EINVAL;
| break;
| }
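
Review bot: The new range check lets any caller of `PR_SET_DUMPABLE` pass 2, and the core dump hunk above treats `mm->dumpable == 2` as the signal to write the dump with `fsuid` 0. If mode 2 is meant to be applied only by the kernel to tainted processes, keep prctl limited to 0 and 1, or gate 2 behind a capability check. Separately, `arg2 < 0` can never be true if `arg2` is an unsigned type, in which case `arg2 > 2` alone is enough.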

The suid_dumpable possible values deserve an enum or #defines
instead of hard-coded values.


Otherwise makes sense to me & looks good on a quick look.

--
~Randy
MOTD: Always include version info.
(Again. Sometimes I think ln -s /usr/src/linux/.config .signature)